I have a task to parse and search JSON logs properly. I read this manual and it’s working well, as described:
So now I have a field `details_tags` with data: one, two, three, but I have literally no idea how I can search, for example, for all logs where the `details_tags` field contains two.
Could you please tell me if there is any way to search in this ‘array’ field by value?
Also I’ll be very grateful for some specs on this theme.
Thank you a lot in advance!
As far as I understand after some research:
- GELF format does not support arrays.
- The JSON extractor cannot properly extract an array from a field: https://github.com/Graylog2/graylog2-server/issues/6006
- The result from the default example array - one, two, three - is just a string. So for my case, the only way to search for some value, like two, is to enable `allow_leading_wildcard_searches` and then use a search query like this
Please advise me if I’m right or not. I am OK with a negative result; I will just be glad for confirmation so I can move on.
If my topic isn’t clear, I’ll try to explain my idea better; please let me know.
I don’t know about extracting JSON arrays, but for your 3rd point you can use a regex to search without the need to enable `allow_leading_wildcard_searches`:
Thank you for your help, frantz! This is useful for my case.
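The following sketch is an added example, not a query or code posted by anyone in this thread. It builds a delimiter-aware regex for a flattened `details_tags` value and compares it with a plain substring (wildcard-style) match. The `", "` separator, the `field:/regex/` query form being accepted by the search bar, and all function names are assumptions.

```python
import re

SEP = ", "  # assumption: separator the extractor used when flattening the array
# Characters escaped in literals: Lucene regexp operators and "/", plus ^ $ -
# so that Python's re (used here only to emulate the match) agrees.
_META = set('.?+*|{}[]()"\\#@&<>~/^$-')

def escape_literal(text):
    return "".join("\\" + c if c in _META else c for c in text)

def element_regex(value, sep=SEP):
    """Pattern that matches the whole field only if `value` is one element."""
    v, s = escape_literal(value), escape_literal(sep)
    return f"(.*{s})?{v}({s}.*)?"

def regex_query(field, value):
    # field:/.../ is the regexp form of Elasticsearch query-string syntax
    # (assumed here to be passed through unchanged).
    return f"{field}:/{element_regex(value)}/"

def element_hit(field_value, value):
    # Regexp queries match the whole unanalyzed value, hence fullmatch.
    return re.fullmatch(element_regex(value), field_value) is not None

def wildcard_hit(field_value, value):
    # Emulates a *value* wildcard search: plain substring containment.
    return value in field_value

# Constructed sample field values, not taken from real logs.
SAMPLES = ["one, two, three", "two", "one, twofold", "twenty-two, three"]

def compare(value="two"):
    """Return (field value, wildcard result, element result) per sample."""
    return [(s, wildcard_hit(s, value), element_hit(s, value)) for s in SAMPLES]

if __name__ == "__main__":
    print(regex_query("details_tags", "two"))
    for row in compare():
        print(row)
```

The substring match also hits `twofold` and `twenty-two`, which matters when the search feeds an alert or a saved query; the delimiter-aware pattern only hits complete elements.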